I'm currently working on a new backup setup using duplicity
(sysutils/duplicity). For this purpose I'm using separate keys for
encrypting and signing the backup. Each host has its own signature key which
enables the backup server to verify the integrity and authenticity of the
backup. Since the backup is performed automatically, these keys should have
no pass-phrase set. Using batch mode (and a little bit of python - duplicity
is written in python anyway) creating signature keys is easy to do and doesn't
require the installation of any of the pin-entry ports for GnuPG.